diff options
| author | khorben <khorben@pkgsrc.org> | 2017-08-25 01:43:17 +0000 |
|---|---|---|
| committer | khorben <khorben@pkgsrc.org> | 2017-08-25 01:43:17 +0000 |
| commit | e720d2a0372a64ecb9719eff49bee8e8ee613a17 (patch) | |
| tree | 29e4fa3bf8b3cb982d75eaa0f60af9ccb750e77f /mk | |
| parent | 08f54d673128585df6067eb8442924d5e8cab818 (diff) | |
| download | pkgsrc-e720d2a0372a64ecb9719eff49bee8e8ee613a17.tar.gz | |
Add support for PKGSRC_MKPIE with cwrappers
This is based on a patch submitted on 16/04/2017 on tech-pkg@ and
adapted by joerg@ for pkgtools/cwrappers. It only consists in the
missing part to actually generate PIE executables with cwrappers if
configured to do so (currently disabled by default). The aim is really
to produce safer binaries where ASLR is in use.
This part in pkgsrc is only supported on NetBSD (x86) with GCC at the
moment.
Tested on NetBSD/amd64, with and without cwrappers, with and without
PKGSRC_MKPIE (all four combinations).
Diffstat (limited to 'mk')
| -rw-r--r-- | mk/compiler/gcc.mk | 8 | ||||
| -rw-r--r-- | mk/cwrappers.mk | 5 |
2 files changed, 8 insertions, 5 deletions
diff --git a/mk/compiler/gcc.mk b/mk/compiler/gcc.mk index b7dcf859953..d3416828a4b 100644 --- a/mk/compiler/gcc.mk +++ b/mk/compiler/gcc.mk @@ -1,4 +1,4 @@ -# $NetBSD: gcc.mk,v 1.182 2017/08/04 08:53:33 jperkin Exp $ +# $NetBSD: gcc.mk,v 1.183 2017/08/25 01:43:17 khorben Exp $ # # This is the compiler definition for the GNU Compiler Collection. # @@ -336,14 +336,14 @@ _MKPIE_CFLAGS.gcc= -fPIC # XXX for executables it should be: #_MKPIE_CFLAGS.gcc= -fPIE # XXX for libraries a sink wrapper around gcc is required and used instead -#_MKPIE_LDFLAGS.gcc= -pie +_MKPIE_LDFLAGS.gcc= -pie .endif .if ${_PKGSRC_MKPIE} == "yes" _GCC_CFLAGS+= ${_MKPIE_CFLAGS.gcc} -_GCC_LDFLAGS+= ${_MKPIE_LDFLAGS.gcc} +#_GCC_LDFLAGS+= ${_MKPIE_LDFLAGS.gcc} CWRAPPERS_APPEND.cc+= ${_MKPIE_CFLAGS.gcc} -# XXX this differs for libraries and executables +# this differs for libraries and executables (handled in mk/cwrappers.mk) # CWRAPPERS_APPEND.ld+= ${_MKPIE_LDFLAGS.gcc} .endif diff --git a/mk/cwrappers.mk b/mk/cwrappers.mk index b24918d8f18..ca6fbd9d3b9 100644 --- a/mk/cwrappers.mk +++ b/mk/cwrappers.mk @@ -1,4 +1,4 @@ -# $NetBSD: cwrappers.mk,v 1.28 2017/05/04 18:30:56 joerg Exp $ +# $NetBSD: cwrappers.mk,v 1.29 2017/08/25 01:43:17 khorben Exp $ # # This Makefile fragment implements integration of pkgtools/cwrappers. @@ -88,6 +88,9 @@ generate-cwrappers: . for alias in ${CWRAPPERS_ALIASES.${wrappee}} ${RUN}ln -s ${CWRAPPERS_SRC_DIR}/${CWRAPPERS_CONFIG.${wrappee}}-wrapper ${WRAPPER_BINDIR}/${alias} . endfor +. if ${_PKGSRC_MKPIE} == "yes" + ${RUN}echo append_executable=${_MKPIE_LDFLAGS.gcc} >> ${CWRAPPERS_CONFIG_DIR}/${CWRAPPERS_CONFIG.${wrappee}} +. endif .endfor PREPEND_PATH+= ${WRAPPER_BINDIR} |